The Museum of Flight

By 2030, The Museum of Flight will have an anticipated 200 petabytes worth of aerospace artifacts, digital content, and intellectual property (IP), some of which is irreplaceable. It’s essential to protect these invaluable materials to preserve history and ensure that community partners and educational institutions around the world can access them.  

Another major security priority comes from the Museum’s neighbors. It is physically situated between the Boeing International Airfield and the Boeing Military Delivery Center. Additionally, Boeing has been known to provide artifacts to the Museum. As a result of the shared history, proximity, and impact in Seattle, attackers often imagine the Museum could be a potential vector for supply chain attacks and reputational damage.

To protect its IP and partners, the Museum turned to Darktrace. Installed across the network, email systems, cloud-based apps, and endpoint, Darktrace’s Self-Learning AI learns from the organization’s real-time business data to recognize normal cyber activity, and so in turn identify abnormal instances that indicate a cyber-attack.

Darktrace helps the Museum with threat detection, response, and investigation. With its anomaly-based approach, Darktrace can detect any kind of attack, including ones that have never been seen before. Once identified, threats can be neutralized autonomously as the AI makes precise decisions that minimize business disruption.

Over a three-year period, Darktrace has autonomously conducted 25,577 investigations in the Museum’s digital estate, freeing up the security team to focus only on high fidelity alerts likely to indicate genuine threats.  

The team has built up immense trust in Darktrace’s AI. In one memorable instance, the Museum’s CEO had an email withheld from his inbox: a personal invitation to join the Illuminati. Darktrace caught this attempted spear-phishing email and stopped it in its tracks, giving the security and leadership teams the confidence to let this potential breach be seen as comic relief instead of a reason to panic.

Beyond detection and response, the Museum uses Darktrace for cyber risk reduction. Darktrace’s attack surface management (ASM) tool monitors the attack surface for high-impact vulnerabilities and external threats. Darktrace uses AI to scan the global internet, searching beyond known servers, networks, and IPs, to identify external assets. Once determined, Darktrace prioritizes identified risks by level of criticality and provides actionable insights for remediation.

“I love ASM,” said Christopher Smith, Director of Technology and Cyber Security at The Museum of Flight. “You don't know what you don't know, and Darktrace is one of the few platforms over the course of my entire career where I feel like I've got a good visual and understanding of everything under my purview.”

The Museum’s security team uses reports generated by Darktrace to communicate its needs with the technology committee and board of trustees. These reports help the team illustrate the potential impact of vulnerabilities and justify budget requests to receive the funding and support needed to harden the attack surface.

These preventative security capabilities interact across the Darktrace platform to further inform detection and response, autonomously increasing sensitivity around critical chokepoints.

To complete its coverage across the entire attack lifecycle, the Museum started using Darktrace to strengthen its cyber resilience. Darktrace HEAL™ helps organizations be ready for cyber incidents and rapidly restore business operations after an attack.

The security team particularly loves the bespoke, AI-generated playbooks. Traditionally, organizations use playbooks to guide incident response procedures for general types of attacks and to satisfy compliance requirements. Yet these playbooks become outdated as soon as they are written, as the internal business infrastructure and external cyber threat landscape constantly evolve.

Informed and generated with AI trained on specific business data, HEAL’s playbooks are tailored to both the business and the threat. They help IT teams save resources during incident response by facilitating faster and more efficient interventions before an incident progresses further.

HEAL’s bespoke playbooks are not only useful for critical incidents that need quick eradication and recovery. In the day-to-day, they can help triage any emerging incidents, and the Museum’s team particularly likes using them for training.

“The playbook is a wonderful support tool because we can run the playbook and then sit down immediately to talk about what we saw and how we can mitigate that and how we can train other users,” Smith said.

The team uses HEAL to practice thinking differently, framing the end user as an enemy combatant instead of a trusted friend on the battlefield. It has run simulated incidents in which an attacker targets its archival material to see what could happen, and then reflect on how the team can mitigate potential vulnerabilities and improve how it would manage an incident like that one proactively.

Incident preparation is difficult, and traditional methods like tabletop exercises require considerable time to plan and execute, can be expensive if outsourced, and often don’t represent a realistic scenario. With Darktrace, HEAL simulates incidents without those time and resource investments from the human security team and with detailed, real-world scenarios that are based on the organization’s specific digital landscape.

With AI-powered playbooks and simulations, Darktrace helps the Museum protect its data and continuously harden its security posture.